Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionGitHub Advisory
The cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker who can reach the cloakserve port can supply a crafted fingerprint value containing path traversal sequences to resolve user_data_dir outside the configured data_dir. When Chrome fails to start or the process is cleaned up, shutil.rmtree() deletes the traversed path, resulting in arbitrary directory deletion.
Additionally, cloakserve bound to 0.0.0.0 by default, making it network-exposed.
Impact
An attacker with network access to the cloakserve port can delete arbitrary directories accessible to the service user.
Patches
Fixed in v0.3.28.
Mitigations
- Upgrade to v0.3.28 or later
- Restrict network access to the cloakserve port
AnalysisAI
Arbitrary directory deletion in CloakBrowser's cloakserve CDP multiplexer (pip package cloakbrowser <= 0.3.27) allows unauthenticated network attackers to delete directories accessible to the service user by supplying path traversal sequences in the fingerprint query parameter. The service binds to 0.0.0.0 by default, dramatically widening exposure, and no public exploit identified at time of analysis though the vulnerability is trivially reproducible from the published advisory.
Technical ContextAI
cloakserve is a Chrome DevTools Protocol (CDP) multiplexer shipped in the CloakBrowser Python package (pkg:pip/cloakbrowser). It spawns Chrome instances and isolates them via per-session profile directories rooted under a configured data_dir. The root cause is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory): the fingerprint query parameter is concatenated/joined into the user_data_dir path without canonicalization or containment checks, so sequences such as ../../ resolve outside data_dir. When Chrome subsequently fails to start or the session is torn down, the cleanup path invokes Python's shutil.rmtree() against the attacker-controlled resolved path, recursively deleting whatever the service's user can write to. Compounding the bug, the listener binds to 0.0.0.0 by default rather than loopback, so any reachable host on the network can trigger the sink.
RemediationAI
Vendor-released patch: 0.3.28 - upgrade the cloakbrowser PyPI package to 0.3.28 or later (pip install --upgrade 'cloakbrowser>=0.3.28') as the primary remediation, per advisory GHSA-mf33-gv72-w2h5 (https://github.com/CloakHQ/CloakBrowser/security/advisories/GHSA-mf33-gv72-w2h5). If immediate patching is not possible, restrict network access to the cloakserve port via host firewall rules (iptables/nftables/Windows Firewall) or by placing the service behind a reverse proxy that enforces source-IP allowlisting; explicitly bind cloakserve to 127.0.0.1 instead of 0.0.0.0 where the launch configuration permits, accepting that remote CDP clients will then need to be tunneled (e.g., SSH port-forward) which adds operator friction. Run the service under a dedicated low-privilege user whose filesystem write scope is limited to data_dir so that any successful traversal cannot reach sensitive system directories or other users' data, noting this is mitigation rather than fix and does not prevent destruction of the service's own state.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, a
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, do
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderb
Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi
An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Conta
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and Se
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33724
GHSA-mf33-gv72-w2h5